File name: AconDigital_KeyGen.zip

Full analysis: https://app.any.run/tasks/a60a49e6-ea9f-41b4-a87f-81f8dc127966
Verdict: Malicious activity
Analysis date: May 19, 2024, 22:12:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 7A3308712D90AA93B6E664D5925A7338
SHA1: A354E10B810E3D36C8456CDFA23BBA79F1AF7BD7
SHA256: F34E10930DAFA83E26A6BEDF57EC2C86F2DF0EF0B058040B76384BB5F7BFFCDB
SSDEEP: 12288:PjtbAinTPGjicDefR/OPIGNZzfpKt/5La/KAnOimrpt:7einTPGjicDe5/OPIGNZzcthLdZimrpt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3972)
      • AconDigital_KeyGen.exe (PID: 2036)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • AconDigital_KeyGen.exe (PID: 2036)
  • INFO

    • Checks supported languages

      • AconDigital_KeyGen.exe (PID: 2036)
      • keygen.exe (PID: 1872)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3972)
    • Reads the computer name

      • AconDigital_KeyGen.exe (PID: 2036)
      • keygen.exe (PID: 1872)
    • Manual execution by a user

      • AconDigital_KeyGen.exe (PID: 2036)
      • AconDigital_KeyGen.exe (PID: 4068)
    • Create files in a temporary directory

      • AconDigital_KeyGen.exe (PID: 2036)
      • keygen.exe (PID: 1872)
    • Reads the machine GUID from the registry

      • keygen.exe (PID: 1872)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2022:04:05 00:00:00
ZipCRC: 0x26d430bd
ZipCompressedSize: 394802
ZipUncompressedSize: 464544
ZipFileName: AconDigital_KeyGen.exe
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes shown in the graph (from start): winrar.exe, acondigital_keygen.exe (no specs), acondigital_keygen.exe, keygen.exe (no specs)

Process information

PID: 1872
CMD: C:\Users\admin\AppData\Local\Temp\keygen.exe
Path: C:\Users\admin\AppData\Local\Temp\keygen.exe
Parent process: AconDigital_KeyGen.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 2036
CMD: "C:\Users\admin\Desktop\AconDigital_KeyGen.exe"
Path: C:\Users\admin\Desktop\AconDigital_KeyGen.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\desktop\acondigital_keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 3972
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\AconDigital_KeyGen.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 4068
CMD: "C:\Users\admin\Desktop\AconDigital_KeyGen.exe"
Path: C:\Users\admin\Desktop\AconDigital_KeyGen.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\acondigital_keygen.exe
c:\windows\system32\ntdll.dll
Total events: 3 720
Read events: 3 709
Write events: 11
Delete events: 0

Modification events

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write | Name: ShellExtBMP
Value:

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write | Name: ShellExtIcon
Value:

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write | Name: LanguageList
Value: en-US

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write | Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write | Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write | Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write | Name: 0
Value: C:\Users\admin\AppData\Local\Temp\AconDigital_KeyGen.zip

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: name
Value: 120

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: size
Value: 80

(PID) Process: (3972) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: type
Value: 120
Executable files: 4
Suspicious files: 1
Text files: 0
Unknown types: 0

Dropped files

PID: 3972 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3972.9360\AconDigital_KeyGen.exe
MD5: C4D6E2B94972F38F1A16EAA64E2BD9FD
SHA256: DBB5832B400E97492A73C8A563B10A1AF9951FA9BB4A92003D4E63CC2195F1C6

PID: 2036 | Process: AconDigital_KeyGen.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\R2RACON.dll
MD5: E8CDEC2C2624357CD4CA4504AB732C54
SHA256: 369FDBFF93FAD7182147F679C83BC65030EF909DE4B4DEA886BF4D8E9E2C4390

PID: 2036 | Process: AconDigital_KeyGen.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\keygen.exe
MD5: 022BE806370A5B74021A73799B43A2BC
SHA256: 1D2AF1ED7134DFFD8812163D8B04225E6BCD7D0B31E8FD860924D84CFB43311B

PID: 2036 | Process: AconDigital_KeyGen.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\BASSMOD.dll
MD5: E4EC57E8508C5C4040383EBE6D367928
SHA256: 8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F

PID: 2036 | Process: AconDigital_KeyGen.exe | Type: binary
Filename: C:\Users\admin\AppData\Local\Temp\bgm.xm
MD5: 57E69663CAE5500F16F5EEFDDDAC7EF3
SHA256: 48FEB65FD3126F0CADE08A999FE1A93E06F435D1CAB775E73195FB711D22FD35
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

(columns: PID, Process, IP, Domain, ASN, CN, Reputation; Domain, ASN and CN were empty for every row)

IP: 224.0.0.252:5355 | Reputation: unknown
PID: 4 | Process: System | IP: 192.168.100.255:137 | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 | Reputation: whitelisted
PID: 1088 | Process: svchost.exe | IP: 224.0.0.252:5355 | Reputation: unknown

DNS requests

No data

Threats

No threats detected
No debug info